The WebAuthn Level 3 Draft , specifies a new Device-bound extension (devicePubKey) to signal if the credential is bound to a device or not (if not it is ‘backed-up’). We should look into supporting this extension.
Environment
None
Activity
Philip SmartSeptember 10, 2024 at 11:02 AM
This might be deprecated now in favour of supplementalPubKeys, but I need to dig into it.
Philip SmartAugust 9, 2024 at 3:11 PM
Probably useful in Enterprise environments to prevent the synching of credentials across cloud infrastructure.
Philip SmartJune 28, 2024 at 10:26 AM
this also relates to the ‘durablility’ of a credential. That is, if it is ‘backed-up' you might have confidence in being able to delete a user's traditional password. Not sure that this is a use case for us, but I guess we can signal it in some way.
The WebAuthn Level 3 Draft , specifies a new Device-bound extension (devicePubKey) to signal if the credential is bound to a device or not (if not it is ‘backed-up’). We should look into supporting this extension.